In an era of ever-present digital threats that can undermine and erode stakeholder trust, organisations should invest to earn “digital trust,” that is, protect their data and information from fraud and bad actors to safeguard their relationships, reputation, and revenue. This task could be more difficult than ever before as technology and the threats to digital trust it enables continue to evolve. For example, deepfakes—fake digital images, videos, or audio that can be generated using artificial intelligence (AI) at the click of a button—can already be used to impersonate individuals. Such an impersonation caused a CEO of an energy company to approve a US$243,000 wire transfer to a fictional supplier in 2019.1 While deepfake scams are still a relatively new threat, they grew more than 900% annually between 2017 and 2019,2 and were estimated to have cost businesses more than US$250 million in 2020.3
The stakes are high, and any misstep can impact customer loyalty, financial performance, brand equity, and ultimately undermine an organisation’s ability to build and maintain trust. Surveys suggest that 81% of consumers lose trust in a brand after a breach, while 25% completely stop interacting with it.4 The stakes became even higher as the pandemic accelerated digital work infrastructures5 and drove spending on emerging tech security strategies and solutions.6
While many leaders understand the threats to digital trust, they may find it difficult to augment traditional cybersecurity measures with more advanced solutions. What will best address today’s digital trust needs? When preparing for tomorrow, what investments in digital trust solutions are the most effective bets? There are certainly many options—our analysis found at least 2,000 patents related to digital trust filed annually7 between 2015 and 2020—illustrating why it can be hard to choose the right tools.
As leaders consider where to place their investments to improve digital trust, it’s important to note that addressing digital trust should include an end-to-end interdisciplinary approach across people, process, governance, and regulation, with technology being a key enabler. In this study, we focus on advanced technology enablers that organisations can explore, over and beyond existing cyber measures, to enhance digital trust. Our interviews with 15 global subject matter specialists and leaders found four promising technology solutions—AI-based data monitoring, cloud-enabled data trusts, blockchain, and quantum technologies. We further validated these findings by analysing the trends in digital trust–related patents granted over the last five to six years to gauge the maturity of these emerging technologies vis-à-vis digital trust. While there are many innovations in commercially available solutions that are unpatented, for this study, we look at patents as they help provide a window into broad innovation areas and maturity. And we exclusively analyse granted patents, rather than including the patent applications, as they are better indicators of truly differentiated, credible innovation to watch (see appendix, “Digital trust innovation research”). Based on the maturity of these solutions, two of them seem able to meet today’s needs. The other two are future bets for the near and long term, which may help organisations stay ahead of evolving threats for the foreseeable future.
Building on Deloitte’s definition of trust,8 we define digital trust as the confidence among customers, employees, partners, and other stakeholders in an organisation’s ability to create and maintain the integrity of all digital assets (including data/information, architectures, applications, and infrastructure) across stakeholder experiences, strategic insights, organisational platforms, and network connectivity.9 This digital trust ensures transparency and accessibility, security and reliability, privacy and control, and ethics and responsibility.10
Organisations looking to enhance digital trust today can already invest in relatively mature, common solutions; however, advanced solutions that may currently be limited to select industries or use cases have the potential to offer new capabilities. These advanced solutions should not replace existing cyber measures; rather, they can provide complementary and additive digital trust advantages. Our research revealed two advanced solutions that organisations can consider adopting today: AI-based data monitoring and data trusts.
Of the many applications where AI could be applied to improve digital trust, our research uncovered some business cases where AI monitoring can help, especially when validating contextual data accuracy and governing data access and usage by participants across an ecosystem.
AI can help make sure data is correct and isn’t tampered with and, therefore, can be trusted. Manually identifying and cleaning poor-quality data, including incorrect, stale, missing, or poorly labelled data, can be time-consuming and expensive.11 It costs organisations an average of US$13 million annually.12 Furthermore, if a bad data model is ingested, it can compromise outcomes and amplify the effects of bad information.13 AI can help validate information accuracy, authenticity, and reliability for data in context.14 Today, AI-based solutions can detect missing data, anomalies, or unexpected data in real time.15 Emerging AI solutions are able to identify fake or manipulated documents, images, deepfake videos, and more.16 Deepfake-detection algorithms can check for digital integrity such as the presence of grey scale pixels at the boundaries of manipulated sections.17 They can can also check for physical irregularities such as inaccurate shadows and reflections, and biometric irregularities like lip movement, blinking, and pupil shape.18 Facebook and Michigan State University’s model identifies deepfakes with reportedly 70% accuracy, by reverse-engineering aspects of the AI used to create it.19 Such solutions can help build trust in the data, related processes, and the insights generated from it.
AI can improve identity and access management. It can help flag and prevent unauthorised data access, detect abnormal user behaviour, or other anomalies.20 Behavioral solutions can establish authorised user identities and block bot accounts based on users’ interaction patterns with devices.21 Spam filters based on machine learning (ML) reduce the risk of unauthorised access attempts via phishing or social engineering attacks22—some of the most common ways to infect systems with malware or ransomware and gain access to data. A survey found that 75% of respondents agree that behavior-based analytics is the only way to catch complex ransomware attacks.23 Behaviour analytics, when combined with unsupervised ML algorithms, can enable more proactive security measures.24 In fact, organisations with fully deployed AI solutions can have up to an 80% lower cost impact from data breach incidents, compared to those without.25
AI can make sure that data is used as intended. For example, organisations can monitor public sites or platforms to identify intellectual property or copyright infringements on digital assets such as text, music, images, and more. YouTube’s AI-driven Content ID platform helps identify copyrighted content and facilitates payouts to rightful owners, to the tune of billions of dollars annually.26
Organisations can consider emerging privacy-preserving techniques as they think about leveraging digital trust AI use cases.27 Homomorphic encryption allows AI solutions to directly analyse encrypted data to generate insight without having to decrypt and expose the underlying data.28 And federated learning-based solutions can analyse data and train algorithms, across decentralised devices and servers, without necessitating actual data access or exchange.29 For example, Secure AI Labs leverages federated learning for analysing sensitive health data,30 and Google Ads shifted to a federated model to locally and anonymously analyse users’ interests.31 These approaches enable outcomes such as generating insights without data misuse, ensuring greater data privacy and security, and simplifying data access and usage management, thus making AI increasingly viable for highly regulated industries.
AI isn’t a digital trust cure-all, and it still has a lot of room to grow. Our research found some vulnerabilities related to AI’s applicability for certain use cases. For instance, it can perform poorly when policing text due to its inadequate understanding of context. In such instances, a more human-AI collaborative setup could prove helpful. Additionally, unethical and biased AI is a digital trust issue itself. Deloitte’s research has shown that AI biases can be either active (due to human action) or passive and may be more pervasive than organisations realise. Apart from education and a human-first approach, technology is one of the ways in which this challenge can be mitigated; some AI solutions are being developed that can uncover biases and ensure model fairness.32 Even then, despite these challenges, our analysis shows that AI innovations related to digital trust have been growing at a brisk pace over the years.33 With further advancements in AI algorithms and the availability of robust, extensive training datasets and correlations, more mature and automated solutions are expected across use cases.
Data is the new currency. According to Alex “Sandy” Pentland, director of MIT’s Connection Science Lab, “We have banks for money, but we don’t have the same infrastructure for data.” He suggests that data trusts can fill that void.34
Much in the same way a bank holds and manages financial assets, data trusts or cooperatives manage data for others. They’re a business model in which independent third parties validate, control, secure, and share information, governing the data’s proper use and managing legal data rights on behalf of its beneficiaries.35 While there are various approaches to empowering customers with greater security and control for their data-sharing and usage, data trusts emerge as an interesting techno-legal approach. Data trusts can come in many forms, from a single entity storing data and only sharing collective insights to a group of trusted third parties working together for collective benefit.36 For example, MIDATA, a health data cooperative, allows members to control their own personal data flow to actively contribute to medical research globally.37 Construction Data Trust is set up in the United Kingdom to facilitate trusted information-sharing across the sector.38 While the benefits of data trusts from a data producer or customer perspective are clear, the third party’s role may not be transparent, or inherently trusted; therefore, organisations should think carefully about who their customers will accept to manage their data, how to communicate about it, and where and when to engage the customer in the process.39
From a business perspective, data trusts can help unlock a range of benefits such as reduced data silos, greater control, and access to trusted and audited information, along with improved brand reputation from ethical and transparent data collection and use. Our interviews suggest that digital trust is enhanced by data trusts because organisations can gain greater confidence in that data and the insights generated from it.
From an IT perspective, data trusts can enhance digital trust by validating a single source of trusted information, making data management and sharing easier and more trusted. And organisations can avoid data bloat and gain access to only necessary data and insights through intermediaries, providing an added layer of privacy and protection,40 while minimising the risks of data loss, breaches, mismanagement, or fraud.41 Data trusts are also emerging as a relevant solution for managing and sharing huge volumes of IoT (the Internet of Things) and sensor data.42 Open Data Institute is piloting data trusts for various smart city use cases in London.43 Cloud technology is making data trusts more effective at managing digital information that needs to be shared across networks with greater digital trust. For instance, Mastercard, with IBM, has established an independent data trust, Trūata, to manage customer financial information securely and anonymously; and cloud allows for the use of that data across other trusted digital solutions.44
Although an important model to maintain digital trust, data trusts come with challenges. Distributed cloud systems enable easier data-sharing, but they can also lead to data sovereignty and compliance issues if not properly governed. For example, data stored in one country may get replicated to a data center located in another country for business continuity and disaster recovery purposes, creating issues with local data standards and privacy laws, that is, when proper governance and control measures are not set. Also, data trusts aggregate high-value data; so even if the data is physically distributed, it is still a target for cyberattacks. A federated cloud security model can be considered to help address this issue. Organisations can use a cloud-data fabric—data seamlessly stitched together across different sources and infrastructures—to create a tiered security model that helps abstract and better protect data as it is being consumed.45 With such measures in mind, data trusts are a viable model that organisations across industries can pursue to enhance digital trust.
Cloud-enabled data trusts and AI monitoring are rapidly maturing innovations that can help build digital trust for data and information beyond core cyber solutions. However, organisations also need to understand where technology is heading and be prepared for what’s next to disrupt or enhance digital trust—not just for today’s infrastructure, but also for tomorrow’s future-readiness. So based on our qualitative research, coupled with a patent analysis, we examine two such topics: blockchain and quantum technologies. Both should be on organisations’ radars now given their innovative and transformative potential for digital trust.
Often referred to as a trust-less solution, blockchain provides a mechanism to trust individuals, organisations, and contractual details through an independently verifiable, immutable, and trusted database or ledger. This can reduce the need for trusted third parties as organisations trust the technology instead. Uniform, continually auditable systems could eventually replace the current patchwork of separate systems—streamlining permissions, security, and privacy.46 Rapid innovation is happening around blockchain technology, and projects are gradually moving beyond early proofs-of-concept or pilots.47 Digital fingerprinting, digital identity, digital assets, and smart contracts are some of blockchain’s top use cases and are intertwined to provide a robust framework for trusted relationships.48 Blockchain can help maintain a trusted record of transactions. By tracking data and its fingerprint, stakeholders gain greater transparency and can easily establish data authenticity and integrity. There is a gradual increase in adoption of blockchain-based systems that can track products and corresponding information across complex global supply chains.49 Norwegian aluminum manufacturer Hydro and global certification body DNV piloted a blockchain solution to allow urban furniture users to simply scan a barcode and trace the sustainable aluminum used in a park bench or a litter bin and ascertain the CO2 emission from its raw material.50The media industry is also exploring the use of blockchain to counter challenges such as misinformation and to establish digital trust in publicly available information. The Safe.press consortium adds a blockchain-linked digital seal of approval to member publications. Whenever these news sources are appended to stories or references, its key gets tracked, enabling consumers to track its origin and making it difficult to falsify news articles.51
Blockchain can help with trusted identities. This is a key component when it comes to any digital relationship or transaction. Blockchain can verify credentials without revealing details behind that identity and enables decentralised, tamper-proof self-sovereign identities,52 which can be used for various commercial and government services. For example, the government of Zug, Switzerland, created a digital, decentralised, sovereign identity for its citizens, enabling them to partake in activities like casting votes and accessing government services.53 Likewise, MIT piloted blockchain-based, verifiable, tamper-proof diplomas that graduates can securely and easily share externally.54
Blockchain can establish asset ownership. Digital assets, especially cryptocurrencies, comprise a use case currently adopted at scale. According to Deloitte’s 2021 Global Blockchain survey, around 40% of respondents say digital assets will have a significantly positive impact on improving compliance and transparency, reducing risk, and enhancing trust.55 Non-fungible tokens (NFTs)—unique, non-interchangeable data units stored on a blockchain—are emerging as a viable solution to authenticate and certify ownership of digital assets.56 Even though NFTs can be copied, their creator and owner will still be publicly displayed.57 Currently, they’re gaining popularity in the art market and with sports memorabilia58 but have the potential for broader application across industries. For example, NFTs can mark health data belonging to a particular person as a form of identification and guarantee of ownership. This also enables patients to know how their data is being used and potentially monetise it.59
Lastly, blockchain can enable faster legal agreements and automate trust. Blockchain-based smart contracts can help parties agree on terms and transact without any third-party intermediary or escrow, and trust that they will be executed automatically with reduced risk of error or manipulation.60 Partior, a joint venture between Temasek, DBS, and a leading US-based financial services company, is piloting a cross-border payment system based on blockchain and smart contracts in an effort to improve efficiency and trust.61 The company predicts a three-to-five-year time frame for the mass adoption of this platform.62 The technology can also be used for automatic validation of information and digital funds by ports to enable faster processing and releasing of ships.
Despite these wide-ranging use cases, blockchain for digital trust is still in its early days. Technological constraints such as limited transaction throughput, user obfuscation, platform interoperability, along with nontechnical constraints such as limiting incentive mechanisms in public blockchains and the lack of industry standards and regulatory harmony, among others,63 can limit the ability to construct a robust solution that enhances digital trust. However, ongoing rapid innovation and increasing maturity and understanding among stakeholders suggest that we can expect many of these limitations to be addressed in the coming years, resulting in a transformative change to digital trust. Hence, organisations should begin understanding this upcoming digital infrastructure now to incubate future solutions.
Quantum technologies will likely impact digital trust in three distinct ways.64 First, the immense computing power that quantum computers promise can be applied to perform vast analytics on cyber and privacy data to detect anomalous or suspicious behaviour. Second, quantum technologies’ physical properties may offer enhanced components to cyber systems such as cryptographic key generation and distribution. Third, when fully mature, quantum computing may be able to implement Shor’s algorithm,65 which would render some common encryption techniques easy to crack, making data and transactions more vulnerable to attackers.66 Maintaining digital trust in a postquantum world will likely leverage a number of capabilities,67 most notably the use of encryption techniques that are “quantum-resistant,” also referred to as postquantum cryptography (PQC). PQC runs on classical computers and uses complex mathematical problems believed to be unsolvable by quantum computers. PQC is expected to be interoperable with current communication protocols and networks, making it more cost-effective and easier to maintain.68 The National Institute of Standards and Technology (NIST) aims to standardise quantum-resistant algorithms by 2024.69 Furthermore, as organisations review their underlying cryptographic processes in anticipation of PQC, it’s likely that they will move toward a more crypto-agile state with an improved level of overall cyber hygiene.70 This enhanced awareness of cryptographic reliance could contribute toward improved digital trust.
As mentioned previously, quantum principles can also potentially enhance data-encryption systems,71 using methods such as quantum key distribution (QKD).72 QKD uses quantum mechanics to distribute encryption keys between two parties. Due to the inherent tamper-evident properties of quantum physics, any attempt to eavesdrop the keys would be detected.73
But QKD technology has some limitations, including complex processes, oversized special equipment, and high costs.74 The fragile state of quantum particles involved can significantly limit its coverage and reach.75 Some small-scale, experimental implementations of QKD have been publicized—for example, the integrity and security of the election process in a Swiss canton was protected by incorporating QKD.76 QKD’s commercial approval or use for critical systems is challenged unless its limitations are overcome. The US National Security Agency, for example, has currently refrained from supporting the usage of QKD to protect communications in national security systems.77
Because it will be hard to predict when today’s internet becomes vulnerable to tomorrow’s quantum hackers, and because that moment would be catastrophic for digital trust, it’s important that leaders gain awareness and begin to prepare as early as possible. Although the implementation of Shor’s algorithm is predicted to be on the order of 10 to 15 years away,78 the time required to gather a full cryptographic inventory, institute a governance process,79 and select and implement PQC algorithms is significant. Hence, organisations should keep a pulse on quantum technology and the related cryptography landscape and ensure timely technology and talent investment for developing the needed crypto-agility and infrastructure.80
While there’s no single solution to solve the digital trust puzzle, AI-based monitoring, data trusts, blockchain, and quantum technologies are some of the solutions that can play a valuable role. How might these digital trust tech approaches protect you? Consider the danger that deepfakes pose to organisations. Let’s say you’ve been targeted by bad actors who pose as your company’s CEO and attempt a false transaction or data breach. An AI-based monitoring solution that’s integrated across your organisation’s network and applications could alert you to a potential deepfake as a first line of defence and block further attempts. If missed, a robust blockchain-based solution could help easily verify the transaction details and establish fail-safe mechanisms within a smart contract. Additionally, through a data-trust setup, the amount of compromised data could be minimized. Lastly, if your organisation someday implements quantum-resistant safeguards within network and communications channels, other organisations can have much stronger confidence in the integrity of your data and transactions.
Given the rising business impacts, digital trust is not merely a CIO or CISO issue anymore; it requires the CEO and other business leaders to be engaged in technology investments now and into the future. Leaders can’t afford to play the waiting game. Rapid technology innovation is enabling new digital threats too quickly. Leaders need to be proactive, sense innovation opportunities, and invest accordingly to weave them into their digital-trust fabric. This should be an ongoing activity—like a regular rhythm—to maintain and advance digital trust today and tomorrow.
Our patent analysis found a gradual rise (approximately 15% year over year) in the overall number of digital trust–related patents granted between 2015 and 2020.81 But, the data shows that certain emerging technology families are growing at a much faster rate, indicating their relative importance and popularity. Upon further analysis, the following trends emerge (figure 1):
Cloud technology has relatively matured in its innovation cycle. And given cloud’s ability to enable other technologies—and, in some instances, improve their security and effectiveness—it might be an essential technology for an organisation’s digital trust strategy.
AI and ML patents are growing at a brisk pace (35%) and provide numerous avenues today for organisations to enhance digital trust across applications and use cases.
Blockchain, on the other hand, appears to be in its initial, rapid-growth phase. Blockchain patents have grown by almost 200% YoY over the last three years. This indicates that blockchain may have promising growth potential as an increasingly viable digital trust solution—but has not yet reached peak maturity. Blockchain projects are gradually moving from early proofs-of-concept or pilots to full-scale implementations;82 thus, in the near future, blockchain could play a truly foundational role in establishing digital trust across the enterprise and ecosystem.83
Quantum technologies are much earlier in their innovation curve; but specialists suggest that they could become vital to ensuring the security of sensitive digital assets as core quantum-computing capabilities mature.84
In this digital world, your reputation begins and ends with cyber. With cyber everywhere, it’s a shared responsibility, right across your enterprise. Our experience with cyber enables us to build a culture of understanding, connection, and trust with you, your organisation and your wider community.